accept no compromises
Showing 1 - 10 of 10 RSS Feed

CVE-2016-4449

Status Candidate

Overview

XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.

Related Files

Apple Security Advisory 2016-07-18-6
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-6 - iTunes 12.4.2 for Windows is now available and addresses multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2016-1684, CVE-2016-1836, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619
MD5 | 0c1c367279daed63eed1290d30922418
Apple Security Advisory 2016-07-18-4
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-4 - tvOS 9.2.2 is now available and addresses code execution, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2016-1684, CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4582, CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4586, CVE-2016-4587, CVE-2016-4588, CVE-2016-4589, CVE-2016-4591, CVE-2016-4592, CVE-2016-4594, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619, CVE-2016-4622
MD5 | 78714aa0a42761ac5d9d4e9b87e41826
Apple Security Advisory 2016-07-18-3
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-3 - watchOS 2.2.2 is now available and addresses code execution, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2016-1684, CVE-2016-1836, CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4582, CVE-2016-4594, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612, CVE-2016-4614, CVE-2016-4615, CVE-2016-4616, CVE-2016-4619, CVE-2016-4626, CVE-2016-4627, CVE-2016-4628, CVE-2016-4631, CVE-2016-4632, CVE-2016-4637
MD5 | 381b5397ae9c32a9c2c56f1870cae5b8
Apple Security Advisory 2016-07-18-2
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-2 - iOS 9.3.3 is now available and addresses denial of service, code execution, and various other vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | apple
advisories | CVE-2016-1684, CVE-2016-1836, CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4582, CVE-2016-4583, CVE-2016-4584, CVE-2016-4585, CVE-2016-4587, CVE-2016-4589, CVE-2016-4590, CVE-2016-4591, CVE-2016-4592, CVE-2016-4593, CVE-2016-4594, CVE-2016-4603, CVE-2016-4604, CVE-2016-4605, CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, CVE-2016-4612
MD5 | c7a40c93e99bbac1e736d8042904c689
Apple Security Advisory 2016-07-18-1
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-1 - OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclosure, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution, info disclosure
systems | apple, osx
advisories | CVE-2014-9862, CVE-2016-0718, CVE-2016-1684, CVE-2016-1836, CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4582, CVE-2016-4594, CVE-2016-4595, CVE-2016-4596, CVE-2016-4597, CVE-2016-4598, CVE-2016-4599, CVE-2016-4600, CVE-2016-4601, CVE-2016-4602, CVE-2016-4607
MD5 | 596904cffbf32a317a758cee9c7b9650
HP Security Bulletin HPSBGN03628 1
Posted Jul 7, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03628 1 - Security vulnerabilities in the libXML2 library could potentially impact HPE IceWall Federation Agent resulting in Remote Denial of Service (DoS), or unauthorized modification, or unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability
advisories | CVE-2016-4447, CVE-2016-4448, CVE-2016-4449
MD5 | 86566d3973506928ed48b8164f3e8276
Red Hat Security Advisory 2016-1292-01
Posted Jun 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1292-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix: A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449
MD5 | 59ced5e929b2b407550c94cdb91fce8b
Ubuntu Security Notice USN-2994-1
Posted Jun 7, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2994-1 - It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. CVE-2016-3627,CVE-2016-3705, It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-8806, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4449, CVE-2016-4483
MD5 | 0e42f3a6043a95dc25102edb7f547b51
Debian Security Advisory 3593-1
Posted Jun 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3593-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2015-8806, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4449, CVE-2016-4483
MD5 | e5d948e3ee9dc2bca7781c7e17816d38
Slackware Security Advisory - libxml2 Updates
Posted May 27, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New libxml2 packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-4447, CVE-2016-4448, CVE-2016-4449
MD5 | 1c33839b415bdf13577c201d7f2262a0
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    8 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close